Creating/Modifying Groups using an LDAP Command Line

Novell Cool Solutions: Tip
By Aaron Burgemeister

Digg This - Slashdot This Posted: 7 Mar 2007

Problem

A Forum reader recently asked:

"How can I create/modify groups using the command line? I need to figure out how to handle eDirectory groups under LDAP. I have Novell 8.8 installed on Windows server 2003."

And here's the response from Aaron Burgemeister ...

Solution

Hacking groups from the command line (via LDAP) is simple enough. You just need to be sure you modify both the user AND group sides of the link. Given this example:

User:
  groupMembership
  securityEquals

Group:
  members
  equivalentToMe

... you need to modify both a user and group to add these things:

dn: cn=admin,dc=user,dc=system
changetype: modify
add: groupMembership
groupMembership: cn=admingroup,dc=group,dc=system
- -
add: equivalentToMe
equivalentToMe: cn=admingroup,dc=group,dc=system

dn: cn=admingroup,dc=group,dc=system
changetype: modify
add: member
member: cn=admin,dc=user,dc=system
- -
add: securityEquals
securityEquals: cn=admin,dc=user,dc=system

Reader Comments

• Thorough group manipulation from the command line. Thank-you.
• This is about 10% complete. You have shown the LDAP information. How about the actual command-line syntax using ice or a similar tool? Wouldn't that anser the question completely?
• Watch out! I've used this in the past and you do not want to give the admingroup the security equal to the admin user. At that point, all the members of the group are security equivalent to the admin user. For the user, you modify groupMembership and securityEquals, and point them both to the dn of the group object. In the group object, you need to modify equivalentToMe, and member to the dn of the user. The only worry I have when I use this is backlinks, I've not had a problem yet, but be aware that this may be an issue when you remove users from the group in the future.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com